🚀 Building an AI-Powered Code Reviewer for Bitbucket Using Groq & Pipelines

Source: Dev.to

Overview

Modern development teams rely heavily on pull requests for code quality, but manual reviews are slow, inconsistent, and expensive. Bitbucket’s Rovo Dev and GitHub’s Ask Copilot offer AI‑assisted PR reviews, yet their pricing models (e.g., $20 / developer / month) didn’t fit my needs.

I already had a Groq API key and wanted a fully automated, pipeline‑driven solution, so I built an AI‑powered PR reviewer for Bitbucket using:

• Bitbucket Pipelines
• Groq LLM (llama‑3.3‑70b‑versatile)
• Git‑based diff extraction (no REST API auth headaches)

The system reviews every PR automatically, outputs a structured checklist‑driven AI review, and incurs zero per‑developer licensing cost.

Comparison with Existing Solutions

Motivation and Goals

I didn’t want:

• Another per‑seat SaaS subscription
• A manual “Ask AI” workflow
• A system that breaks when pricing changes

I wanted:

• CI‑level enforcement
• Custom review rules
• The lowest possible cost

That’s why I chose Groq + Pipelines.

Initial Approach (Bitbucket REST API)

The first attempt followed the typical pattern:

1. Fetch PR diffs via the Bitbucket REST API
2. Post PR comments using one of the following tokens:
   • Atlassian API tokens
   • Workspace tokens
   • Repository access tokens

Even with correct scopes, posting comments repeatedly failed with 401 Unauthorized due to:

• Inconsistent token behaviours
• Bitbucket’s evolving security model
• Poor documentation around 2025 token behaviour

After extensive debugging, I concluded that the smartest move was to eliminate Bitbucket’s REST API entirely for diff collection.

Production Architecture

Pull Request Creation

• No REST API calls for diffs
• No authentication failures
• No permission issues
• Fully deterministic and flake‑free

Diff Extraction

Instead of calling Bitbucket’s endpoints, the pipeline simply runs Git commands:

# Get the diff for the current PR
git fetch origin main
git diff origin/main...HEAD

• Provides the exact PR diff
• Requires no API authentication
• Works in any CI environment

This single decision removed ≈ 90 % of the system’s complexity.

AI Review Checklist (TypeScript + Angular)

The checklist guarantees consistent reviews, enforced standards, and zero reviewer bias.

Groq LLM Integration

Why Groq?

• Excellent reasoning on large diffs
• Much cheaper than many alternatives
• OpenAI‑compatible API
• More eco‑friendly (lower compute time per request)

The AI responds with categorized feedback:

• 🚨 Critical Issues
• 🔒 Security Analysis
• ⚡ Performance Review
• 🏗️ Architecture Feedback
• 📝 Maintainability
• ✅ Final Verdict (MERGE READY / NEEDS WORK)

Where the AI Review Appears

• The full AI review is printed in the Pipelines logs
• Optionally saved as a downloadable ai-review.md artifact
• No PR write permissions required → no security risks

This approach proved far more enterprise‑compliant than auto‑commenting on PRs.

Production Impact

• Every PR is reviewed automatically within minutes
• Review standards are enforced consistently
• Human reviewers can focus on business logic
• No failed pipelines due to auth issues
• No wasted build minutes on retries
• Zero per‑developer licensing cost

Key Engineering Lessons

• AI reviewers should assist, not block developers
• PR comments are optional; reviews must be reliable
• Pipelines + Git + LLM is an extremely powerful combination
• Groq is ideal for CI/CD AI workloads
• You don’t need a $20 / developer / month license to get good AI reviews

What’s Next?

• Auto‑block merge when verdict = NEEDS WORK
• Language‑specific reviewers (e.g., .NET, SQL)
• Security‑only review mode
• Architectural drift detection

Final Thoughts

Use Git for diff extraction + Groq for AI analysis + Pipelines for automation. Avoid REST API auth wherever possible.